{
  "id": "CVE-2021-46879",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-04-11T18:15:58.387",
  "lastModified": "2023-04-11T18:19:45.473",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26851",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/fluent/fluent-bit/pull/3100",
      "source": "cve@mitre.org"
    }
  ]
}